Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Open Redirect in ecstatic High
GHSA-9q64-mpxx-87fg was published for ecstatic (npm) Apr 1, 2020
DOS and Open Redirect with user input High
CVE-2021-22964 was published for fastify-static (npm) Oct 12, 2021
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect High
CVE-2022-24794 was published for express-openid-connect (npm) Mar 31, 2022
jviding kurt-r2c
oauth2-server through 3.1.1 vulnerable to Open Redirect High
CVE-2020-26938 was published for oauth2-server (npm) Aug 30, 2022
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy innerdvations alexandrebodin
ProTip! Advisories are also available from the GraphQL API